npm · registry.npmjs.org
muaddib-scanner
Webhook Exfil Endpoint: matched "webhook.site"
Why PkgRadar flagged 2.11.78
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "webhook.site" · package/src/scanner/ast-detectors/constants.js |
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/src/scanner/deobfuscate.js |
| high | Webhook Exfil Endpoint | matched "canarytokens.org" · package/src/rules/index.js |
| high | Webhook Exfil Endpoint | matched "discord.com/api/webhooks/" · package/src/sandbox/index.js |
| high | Webhook Exfil Endpoint | matched "webhook.site" · package/src/sandbox/network-allowlist.js |
| high | Webhook Exfil Endpoint | matched "webhook.site" · package/src/response/playbooks.js |
| high | DNS / OAST exfiltration | matched "oastify.com" · package/src/scanner/ast-detectors/constants.js |
| high | DNS / OAST exfiltration | matched "oastify.com" · package/src/rules/index.js |
| high | DNS / OAST exfiltration | matched "oastify.com" · package/src/sandbox/network-allowlist.js |
| high | DNS / OAST exfiltration | matched "oast.fun" · package/src/scanner/package.js |
| high | DNS / OAST exfiltration | matched "oastify.com" · package/src/response/playbooks.js |
| medium | Credential file access | matched ".npmrc" · package/src/scanner/package.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2.11.78 | High risk | 196 | 2026-06-08 |
| 2.11.77 | High risk | 196 | 2026-06-08 |
Related campaigns
- dnszlsk — 2 releases, max score 196
Block this in CI
pkgradar gate --ecosystem npm [email protected]